Identifying Cybersecurity Risks to Critical Infrastructure Act of 2012 - Amends the Homeland Security Act of 2002 to require the Secretary of Homeland Security (DHS) to conduct continuous, sector-by-sector research, identification, and evaluation of cybersecurity risks to critical infrastructure in coordination with: (1) the heads of sector-specific agencies, (2) owners and operators of critical infrastructure, and (3) any private sector entity engaged in ensuring the security or resilience of critical infrastructure.
Directs the Secretary to ensure that information relating to such risks is: (1) disseminated, to the maximum extent possible, in an unclassified version, to owners and operators of critical infrastructure within each such sector; or (2) if the information in whole or in part should be classified, shared with owners and operators who possess the appropriate security clearances.
Requires the Secretary to report to Congress at least semiannually on cybersecurity risks to critical infrastructure.
[Congressional Bills 112th Congress]
[From the U.S. Government Publishing Office]
[H.R. 6221 Introduced in House (IH)]
112th CONGRESS
2d Session
H. R. 6221
To amend the Homeland Security Act of 2002 to require the Secretary of
Homeland Security to research, identify, and evaluate cybersecurity
risks to critical infrastructure, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
July 26, 2012
Ms. Clarke of New York (for herself and Mr. Daniel E. Lungren of
California) introduced the following bill; which was referred to the
Committee on Homeland Security
_______________________________________________________________________
A BILL
To amend the Homeland Security Act of 2002 to require the Secretary of
Homeland Security to research, identify, and evaluate cybersecurity
risks to critical infrastructure, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Identifying Cybersecurity Risks to
Critical Infrastructure Act of 2012''.
SEC. 2. IDENTIFICATION OF SECTOR-SPECIFIC CYBERSECURITY RISKS.
(a) In General.--Subtitle C of title II of the Homeland Security
Act of 2002 (6 U.S.C. 141 et seq.) is amended by adding at the end the
following new section:
``SEC. 226. IDENTIFICATION OF SECTOR-SPECIFIC CYBERSECURITY RISKS.
``(a) In General.--The Secretary shall, on a continuous and sector-
by-sector basis, research, identify, and evaluate cybersecurity risks
to critical infrastructure. In carrying out this subsection, the
Secretary shall coordinate, as appropriate, with the following:
``(1) The heads of sector specific agencies.
``(2) The owners and operators of critical infrastructure.
``(3) Any private sector entity engaged in ensuring the
security or resilience of critical infrastructure, as
determined appropriate by the Secretary.
``(b) Evaluation of Risks.--The Secretary, in coordination with the
individuals and entities referred to in subsection (a), shall evaluate
the cybersecurity risks researched and identified under such subsection
by taking into account each of the following:
``(1) The actual or assessed threat, including a
consideration of adversary capabilities and intent,
preparedness, target attractiveness, and deterrence
capabilities.
``(2) The extent and likelihood of death, injury, or
serious adverse effects to human health and safety caused by a
disruption, destruction, or unauthorized use of critical
infrastructure.
``(3) The threat to national security caused by the
disruption, destruction, or unauthorized use of critical
infrastructure.
``(4) The harm to the economy that would result from the
disruption, destruction, or unauthorized use of critical
infrastructure.
``(5) Other risk-based security factors that the Secretary
determines appropriate to protect public health and safety,
critical infrastructure, or national and economic security, in
consultation with the following:
``(A) The heads of sector specific agencies.
``(B) Any private sector entity determined
appropriate by the Secretary.
``(c) Availability of Identified Risks.--The Secretary shall ensure
that information relating to the risks researched, identified, and
evaluated under this section for each sector described in subsection
(a) is disseminated, to the maximum extent possible, in an unclassified
version, to owners and operators of critical infrastructure within each
such sector. If the Secretary determines that such information, in
whole or in part should be classified, the Secretary shall share such
information, as the Secretary determines appropriate, with such owners
and operators if such owners and operators possess the appropriate
security clearances.
``(d) Periodic Reports to Congress.--The Secretary shall
periodically, but not less often than semiannually, report to the
appropriate congressional committees on the cybersecurity risks to
critical infrastructure researched, identified, and evaluated pursuant
to subsection (a).
``(e) Critical Infrastructure Defined.--In this section, the term
`critical infrastructure' has the meaning given such term under section
1016(e) of the Uniting and Strengthening America by Providing
Appropriate Tools Required to Intercept and Obstruct Terrorism (USA
PATRIOT ACT) Act of 2001 (42 U.S.C. 5195c(e); Public Law 107-56).''.
(b) Clerical Amendment.--Subsection (b) of section 1 of the
Homeland Security Act of 2002 (6 U.S.C. 101) is amended by adding after
the item relating to section 225 the following new item:
``Sec. 226. Identification of sector-specific cybersecurity risks.''.
Introduced in House
Sponsor introductory remarks on measure. (CR E1338)
Referred to the House Committee on Homeland Security.
Referred to the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies.